Behavior of financial industry staff could lead to cybersecurity risks

Denis O’Shea, Founder of Mobile Mentor

The pandemic forced a digital transformation like never before, making the balancing act between security and employee experience more important than ever. While the financial industry fairs better at endpoint security than other industries studied, there are significant gaps between employers’ preventative actions and employees’ actual behaviors.

According to a new study, more than 52% of financial industry employees say security policies restrict the way they work and 49% admit to finding ways to work around them.

The Endpoint Ecosystem studies employee beliefs

In its inaugural year, The Endpoint Ecosystem study examines how employees perceive privacy, productivity, and personal well-being in the modern workplace.

The study defines the Endpoint Ecosystem as the combination of devices, applications and tools plus the employee’s experience using that technology. The study presents a new look at the tradeoffs between security and employee experience that every employer must face.

“The workplace didn’t change much for 20 years, then five seismic shifts happened in just two years,” said Denis O’Shea, founder of Mobile Mentor.

“In 2020, everyone started working remotely and the global chip shortage began, forcing companies to embrace BYO devices. Then cyber-crime increased by five hundred percent just as companies started to hire and onboard remote employees they had never met.”

“As remote work normalized, people started to quit and find new jobs with more flexibility. We were really curious to understand how these shifts impacted people, especially those working remotely in their home office so we decided to find out through this research study.”

“Data from the Endpoint Ecosystem study has given us a new appreciation of the challenge to balance company security and employee experience in the finance industry.”

Other highlights from the Endpoint Ecosystem Study

The Endpoint Ecosystem study also highlights the following specific to the finance industry:

  • All employees have too many passwords in today’s digital society, but the finance industry is managing their passwords carelessly. One third of employees write their work passwords in a personal journal and 69% admit to choosing passwords that are easy to remember. Twenty-nine percent admit to storing their passwords in notes on their phone.
  • Finance has a Shadow IT problem. More than 52% of employees say security policies restrict the way they work and 40% believe at least half of the employees in their organization don’t abide by the security policies. Sixty-one percent of workers believe they are more efficient using non-work apps like Dropbox and Gmail.
  • Finance workers largely understand the gravity and financial impact of a security breach. Seventy-four percent of finance workers believe they will get fired for a data breach while 68% believe their executives should be fired for a privacy breach.
  • Forty-two percent of finance employees believe they have not been adequately trained on security awareness. However, the data shows that 83% of finance workers actually receive security awareness training monthly or quarterly.
  • Seventy-seven percent of finance workers are set up to work from home and 83% of employees believe their tools and technology empower them.
  • Finance employees have a very mature attitude towards security at work, which is true until they go home. Shockingly, 46% of finance workers allow their family members to use their work devices for personal usage. This is much higher than other industries studied: education at 26% ; government at 24%; and healthcare at 28%.

In late 2021, Mobile Mentor commissioned CGK to field the study of 1,500 employees across four high-risk and highly regulated industries: healthcare, finance, education and government.

Employees were located in the United States and Australia. Each interview consisted of 25 questions to understand how employees are using devices in a post-pandemic world.

The goal is to gather data to educate employers how devices in their industries are being used, how to prevent security breaches, and how to best support productive employees.

For the complete report on the financial industry, visit